Description 


RPM Telco is a private cloud service based on our proprietary RPM application. It is web-based and stores data in an individual database for each subscriber.


How many servers do you have? 


We have a farm of multiple servers. Some servers have databases, some host the application itself, some store file attachments, and some are for backup. 

  • The number of servers is adjusted based on our operational load. 
  • For security reasons we do not share hardware details about our servers or the exact number of machines. 
  • Users only interact with the web servers, never the database or file servers directly.


What are your servers? What technology do they use? 


We use Microsoft technology including Windows, SQL Server, the .NET Framework, C#, and IIS.

  • We are continually upgrading our servers with the current stable version and the best available hardware. 
  • We keep up with all security patches. 
  • We never use beta code.
  • For security reasons we do not share more specific software or configuration details about our servers.
  • Our firewall is dedicated Cisco hardware. In addition, each web server has its own IP-filtering firewall.


Where are your servers located? 


All of our servers are in a state-of-the-art data center in Santa Clara, USA. 


Details are available online: https://goo.gl/X6DSYp


What is your backup? 


  • Each of our multiple database servers keeps its own hourly backups. 

 

How is your security tested? 


  • We perform manual and automated recursion testing on every version of RPM we develop. 
  • We perform security testing on our test and live server farms using Netsparker and other tools. 
  • Our application architecture makes cross-site scripting and SQL injection attacks easy to protect against. By default all input received by the web servers is scrubbed. Values are then further checked at the single point of communication between the application and database servers. 

 

Does RPM use third-party code?


Other than the Microsoft technology stack, we use very little third-party software. The little third-party code we do use is vetted and updated. No third-party code has access to the databases. We never use beta code.

  • A compiled library that reads and writes Excel files for our import and download features.
  • A JavaScript chart rendering library. 
  • A basic JavaScript UI framework. 

 

What are some example software security practices? 


  • RPM requires a 128-bit SSL connection, just like online banking.
  • RPM does not store plain-text passwords. 
  • RPM does not require the client to have Java or Flash installed.



Network Diagram